Ten tips for implementing an acceptable Internet use policy
Computerworld -
The Web browser has become the universal window for Internet communications in today's enterprises. Pervasive Internet access and the relative ease of installing Web-based applications are empowering employees with the means to quickly load Web-based e-mail, instant messaging, peer-to-peer file-sharing clients and other Web applications on company networks.
But with the vast benefits offered by the Internet come concurrent risks to the business such as the leaking of intellectual property, productivity loss, increased legal liabilities and security risks. As such, organizations are now compelled to implement and enforce more granular policy controls over how employees use the Internet.
The need for more sophisticated Internet usage policies is clear. What's not so clear is how to design, deploy and maintain a policy that addresses the specific needs of the organization. Businesses should take the following key points into consideration when establishing an acceptable Internet use policy:
1. Conduct a current policy review. Perform an audit of your Internet usage policy and compare it with what you want your new policy to be, based on the specific needs of every element within your organization. Consider the degree of policy enforcement required. Some companies strictly enforce policy controls, while others provide warnings to their end users.
2. Distinguish between departments and employees. Today's Internet access requirements often dictate that different policy controls apply to individuals or departments, or to enterprise network segments.
3. Gain visibility of your network traffic. Use a Web traffic assessment tool, such as a proxy appliance, to identify and monitor Internet traffic and to identify specific areas or groups that are engaging in inappropriate or excessive Web use. This will allow you to analyze how much time users and user groups spend on the Internet during an "average" workday and what policies may need to be implemented.
4. Work hand-in-hand with all departments. Work with departments that have a bearing on the companywide Internet use policy, especially human resources and IT. Ensure that there are no mismatches between the policies established and the ability of the network infrastructure to support them.
5. Perform a policy test exercise. Conduct an exercise with key users when the policy is at a draft stage. This will ensure that the policy is both practical in terms of achieving its objectives and sufficiently flexible to accommodate change or emergency situations.
6. Consider possible loopholes. Users with wide discrepancies in usage rights may simply try to switch desks or computers to overcome barriers and access inappropriate applications.
7. Consider the consequences of remote connectivity. With
Security
Additional Resources



White Papers & Webcasts
Death to PST Files
Download Now
The Tangled Web: Silent Threats & Invisible Enemies
Download Now
Tape Killed the IT Guy
Watch Now
Forrester Consulting Mobility Study: Taking Control of Enterprise Mobile Device Diversity
Download Now
BRM: What You Can Do To Reduce Risk In Challenging Times
Watch this webcast now!
What IT Must Do to Support Employee-Owned BlackBerry, iPhone and Android Mobile Devices
Download Now
Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".
eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...

